Page 3 of 4 FirstFirst 1234 LastLast
Results 21 to 30 of 32

Thread: Possibably the Ultimate Scam

  1. #21
    Macht Nicht Aus moxnix's Avatar
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752
    Tiger......nope, the only places it shows the link hand is on the links.
    \"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!\"
    Author Unknown

  2. #22
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Mox:

    Do me a favor... PM me the HTTP.... There isn't much in the headers that points anywhere other than legitimate sources except that the server xprdmx9.nwk.excite.com has no reverse DNS but that's quite possible if it is an internal server for mail transfer. Thus the only remaining clues would be in the HTML as far as I can see.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  3. #23
    Macht Nicht Aus moxnix's Avatar
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752
    Ok, I just forwarded the email to anouther member in two different formats, and in the second one, the full html was displayed.
    The typo's and such were corrected when the full html was displayed and it appears to actually be originated by MSN.

    My browser settings must have stripped alot of the html out of the message, because what I first seen looked very suspect, but with the full html there, it looks legit.

    Tiger, I don't know how to copy the full html out of the email. All I can get is the stripped down version. I just found out, I can forward the full thing....even the parts that my browser stripped.

    edit> let me try forwarding it to another email account, perhaps I can copy it better from there.
    \"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!\"
    Author Unknown

  4. #24
    Dead Man Walking
    Join Date
    Jan 2003
    Posts
    810
    TS: i have the original HTML. If mox doesnt get it to you I will. I kind of wish i were better versed in how frontpage does its coding. I cant spot anything actualy wrong or malicous after a very quick glance through it but damn this code seems screwy. Like a <font> tag on every paragraph. I would almost have to say this looks legit except i didnt think MS was in the habit of spam.

  5. #25
    Macht Nicht Aus moxnix's Avatar
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752
    Ok. Firefox strips most of the html out of it also in my gmail account, so I guess ZomBieMann will have to send it to you.

    Damn,
    You are receiving this message because you are a preferred Microsoft customer. If you have questions about our privacy policies, please read our privacy statement. privacy statement.
    I wonder how that came about, especially to my Excite account???
    \"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!\"
    Author Unknown

  6. #26
    Dead Man Walking
    Join Date
    Jan 2003
    Posts
    810
    Actualy Mox i was able to get the original HTML from gmail using firefox. Unless i am missing something. I just clciked on more options then clicked on show original and got what apeared to be the original HTML. I have already PM'd it to tiger shark and will PM it to anybody else who requests it. Like i said in my other post. I cant find anything wrong but something doesnt seem quite right either

  7. #27
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Zombie:

    Yeah, I'm not great at HTML code but I'd like to have a look if you have the complete code.

    Mox: You said you have received a couple of CD's in the past from MS. It's quite likely that just the act of requesting one of them put you on that status. You sure you never gave the excite address to them when you signed up for one of those cd's.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  8. #28
    Senior Member
    Join Date
    Jul 2004
    Posts
    131
    i have been following this thread (god knows why?!) and i have to butt in and ask:

    are we all sure we aren't seeing more than is actually there because we are looking for more than is actually there?
    More cowbell! We need more cowbell!
    http://www.geocities.com/secure_lockdown/
    - - -
    \"Is the firewall there to protect you from the outside world or is it there to protect the outside world from *YOU*?\"

  9. #29
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Secure:

    No, I'm not.... But in order to make a determination I need all the information, the final part of which I just received.

    Mox: It's all Genuine.... Congrats.... You are a Preferred Customer of Microsoft's....

    Everything in the HTML is kosher. I even followed the links in there. The "danger" area is a button to turn on Automatic Updates and the link to windowsupdate.microsoft.com

    The button takes you to protect.microsoft.com which is a verifiable MS site within their CIDR and the link genuinely takes you to windowsupdate.microsoft.com.

    The only potential danger in those two, since they are links, would be DNS poisoning and that would have been a huge issue and would have been noticed immediately by the world as a whole.

    Go ahead and get your SP2 Mox......

    PS: Thanks Zombie
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  10. #30
    Junior Member
    Join Date
    Sep 2004
    Posts
    27
    seems like happy ending to this one .... except that if the email was really spam and was not originated from microsoft, then we may be in for a shock when next time the "initiator of the email" sends another similar email with the email text or links not being so friendly!!!!!!!!! ....
    keep smilling

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •